Re: [feature suggestion] sshd should log the listening port number while logging errors/warnings

On 05.06.23 08:59, Darren Tucker wrote:
> On Mon, 5 Jun 2023 at 16:29, Yuri <yuri@xxxxxxxxx> wrote:
>> ssh_kex_exchange_identification: banner line contains invalid characters
>> [...]
>> It would be easier to figure out where offending connections come from.
>
> The subsequent log line from sshpkt_fatal contains the source address
> and port of that connection:

I think that Yuri meant (one of his several) ssh*d*-side port(s).

There is SyslogFacility (plus the filtering capabilities of modern syslogd's), but since that would quite likely leak sensitive information out of the (better-protected) /var/log/secure on RHEL-like systems, I can't really recommend (ab)using it.

However, I guess that allowing the sysadmin to change the progname/ident parameter of the syslogging (like you can with the "daemon XYZ" setting for multi-instance OpenVPN servers), rather than having it fixed to "sshd", would prove more versatile than specifically adding the Port to selected message( string)s ...

Kind regards,
--
Jochen Bern
Systemingenieur

Binect GmbH


_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
